PT-2026-37573 · Linux+3 · Linux+155
Published
2026-05-06
·
Updated
2026-05-07
·
CVE-2026-43233
CVSS v3.1
8.2
High
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H |
Name of the Vulnerable Software and Affected Versions
Linux kernel (affected versions not specified)
Description
An out-of-bounds read exists in the
decode choice() function within the nf conntrack h323 helper of the netfilter component. The issue occurs because the boundary check before calling get len() uses an uninitialized len variable set to 0. When a bitstream is fully consumed, the check fails to prevent get len() from reading 1 to 2 bytes past the end of the buffer, leading to a heap-buffer-overflow read. This can be triggered remotely by sending a crafted Q.931 SETUP message containing a User-User Information Element with exactly 2 bytes of PER-encoded data to port 1720 through a firewall where the nf conntrack h323 helper is active.Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Out of bounds Read
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Linux
Linux-Allwinner-5.19
Linux-Aws
Linux-Aws-5.0
Linux-Aws-5.11
Linux-Aws-5.13
Linux-Aws-5.15
Linux-Aws-5.19
Linux-Aws-5.3
Linux-Aws-5.4
Linux-Aws-5.8
Linux-Aws-6.14
Linux-Aws-6.17
Linux-Aws-6.2
Linux-Aws-6.5
Linux-Aws-6.8
Linux-Aws-Fips
Linux-Aws-Hwe
Linux-Azure
Linux-Azure-4.15
Linux-Azure-5.11
Linux-Azure-5.13
Linux-Azure-5.15
Linux-Azure-5.19
Linux-Azure-5.3
Linux-Azure-5.4
Linux-Azure-5.8
Linux-Azure-6.11
Linux-Azure-6.14
Linux-Azure-6.17
Linux-Azure-6.2
Linux-Azure-6.5
Linux-Azure-6.8
Linux-Azure-Edge
Linux-Azure-Fde
Linux-Azure-Fde-5.15
Linux-Azure-Fde-5.19
Linux-Azure-Fde-6.14
Linux-Azure-Fde-6.17
Linux-Azure-Fde-6.2
Linux-Azure-Fde-6.8
Linux-Azure-Fips
Linux-Azure-Nvidia
Linux-Azure-Nvidia-6.14
Linux-Bluefield
Linux-Fips
Linux-Gcp
Linux-Gcp-4.15
Linux-Gcp-5.11
Linux-Gcp-5.13
Linux-Gcp-5.15
Linux-Gcp-5.19
Linux-Gcp-5.3
Linux-Gcp-5.4
Linux-Gcp-5.8
Linux-Gcp-6.11
Linux-Gcp-6.14
Linux-Gcp-6.17
Linux-Gcp-6.2
Linux-Gcp-6.5
Linux-Gcp-6.8
Linux-Gcp-Fips
Linux-Gke
Linux-Gke-4.15
Linux-Gkeop-5.15
Linux-Gke-5.4
Linux-Gkeop
Linux-Hwe
Linux-Hwe-5.11
Linux-Hwe-5.13
Linux-Hwe-5.15
Linux-Hwe-5.19
Linux-Hwe-5.4
Linux-Hwe-5.8
Linux-Hwe-6.11
Linux-Hwe-6.14
Linux-Hwe-6.17
Linux-Hwe-6.2
Linux-Hwe-6.5
Linux-Hwe-6.8
Linux-Hwe-Edge
Linux-Ibm
Linux-Ibm-5.15
Linux-Ibm-5.4
Linux-Ibm-6.8
Linux-Intel-5.13
Linux-Intel-Iot-Realtime
Linux-Intel-Iotg
Linux-Intel-Iotg-5.15
Linux-Iot
Linux-Kvm
Linux-Lowlatency
Linux-Lowlatency-Hwe-5.15
Linux-Lowlatency-Hwe-5.19
Linux-Lowlatency-Hwe-6.11
Linux-Lowlatency-Hwe-6.2
Linux-Lowlatency-Hwe-6.5
Linux-Lowlatency-Hwe-6.8
Linux-Lts
Linux-Nvidia
Linux-Nvidia-6.11
Linux-Nvidia-6.2
Linux-Nvidia-6.5
Linux-Nvidia-6.8
Linux-Nvidia-Lowlatency
Linux-Nvidia-Tegra
Linux-Nvidia-Tegra-5.15
Linux-Nvidia-Tegra-Igx
Linux-Oem
Linux-Oem-5.10
Linux-Oem-5.13
Linux-Oem-5.14
Linux-Oem-5.17
Linux-Oem-5.6
Linux-Oem-6.0
Linux-Oem-6.1
Linux-Oem-6.11
Linux-Oem-6.14
Linux-Oem-6.17
Linux-Oem-6.5
Linux-Oem-6.8
Linux-Oracle
Linux-Oracle-5.0
Linux-Oracle-5.11
Linux-Oracle-5.13
Linux-Oracle-5.15
Linux-Oracle-5.3
Linux-Oracle-5.4
Linux-Oracle-5.8
Linux-Oracle-6.14
Linux-Oracle-6.17
Linux-Oracle-6.5
Linux-Oracle-6.8
Linux-Raspi
Linux-Raspi-5.4
Linux-Raspi-Realtime
Linux-Raspi2
Linux-Realtime
Linux-Realtime-6.14
Linux-Realtime-6.17
Linux-Realtime-6.8
Linux-Riscv
Linux-Riscv-5.11
Linux-Riscv-5.15
Linux-Riscv-5.19
Linux-Riscv-5.8
Linux-Riscv-6.14
Linux-Riscv-6.17
Linux-Riscv-6.5
Linux-Riscv-6.8
Linux-Starfive-5.19
Linux-Starfive-6.2
Linux-Starfive-6.5
Linux-Xilinx
Linux-Xilinx-Zynqmp
Linux Kernel